cloud-metadata

The provided fragment is highly indicative of malicious intent: it provides a concrete, multi-cloud playbook for extracting temporary instance metadata credentials and using them to enumerate and access high-value resources (including secrets and object storage), with optional recursive downloading of potentially sensitive content. This behavior aligns strongly with cloud credential theft and post-exploitation discovery/exfiltration patterns rather than benign software functionality.

MALICIOUS. The skill’s stated purpose is offensive exploitation: abusing SSRF/shell access to query cloud metadata, extract temporary credentials, read user-data secrets, and pivot into cloud API enumeration and privilege-escalation workflows. The footprint is internally consistent, but it is consistent with an attack playbook for credential theft and unauthorized cloud access.